temporary fix thru ACL on cisco router for Web sense not working

Posted on 2009-04-29
Last Modified: 2012-05-06
Hi there,
i just found out that my url filtering software web sense license had expired about a couple of months ago ... till i get my license renewed, i want to know if there is any temporary fix i can achieve by using extended acl's on cisco router and deny access to specific websites
Scenario: Branch Router (Billion) --> ISP WAN --> Our Core Router (Cisco 2821) --> Internet

Example: i want to block web access to ... while doing nslookup, i found site's public i.p to be .. how and which interface shud i apply the acl to deny web access from the branch's I.P (which my core router knows about ) to this i.p ?

Would it be

access-list 101 deny tcp x.x.x.x y.y.y.y host eq 80
access-list 101 deny tcp x.x.x.x y.y.y.y host eq 443
access-list 101 permit ip any any

and apply it to the inside interface of core router (which connects to ip wan) ?

Question by:nabeel92
    LVL 6

    Expert Comment

    for this setting, you should apply the ACL to the branch router LAN interface as a inbound direction filtering

    Author Comment

    the inbound is a billion router .. i havent worked on billion before ... do they have filtering options like ACL ? secondly, is it possible if i can do it on a core router because there are about 50 sites connected to that core router and instead of defining it for each branch, i think i should do it on core ?
    Is the ACL i wrote above is correct ?
    LVL 6

    Accepted Solution

    if you have more than one branch site, of coz you apply ACL to the core router is a better way, just apply it on connect to the "IP WAN" interface. But you do not have mentioned about the "ISP WAN" is what type connection. Anyway, please aware if NAT involed of this "ISP WAN"

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Suggested Solutions

    There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now